1 |
On 13 Aug 2003 07:59:23 +0200 |
2 |
Klavs Klavsen <kl@××××.dk> wrote: |
3 |
|
4 |
> Hi guys, |
5 |
> |
6 |
> I know there has been several requests (also from me) asking for a way |
7 |
> to do security updates only. |
8 |
> |
9 |
> Something like emerge -s world --nodeps (should update every package |
10 |
> that has had a GLSA for it if the version matches the GLSA(s)) would |
11 |
> IMHO be very cool and very much needed. Then I bet many people would |
12 |
> set that to update automagically - which should be possible - would |
13 |
> help security a whole lot :) |
14 |
> |
15 |
> I'm no python programmer (atleast not yet - a frind of mine tells me |
16 |
> it's quite easy, and a cool language :) - and I don't know how well |
17 |
> portage is structured, but I think this security thing could easily be |
18 |
> accomplished, if the GLSA's were added to the tree (why shouldn't they |
19 |
> - they don't take up much space, and why should people have to go to |
20 |
> the webpage, or receive an email to get notified?). |
21 |
> |
22 |
> What do you think? |
23 |
|
24 |
I wrote a small prototype for that, but it needs support from the |
25 |
GLSA guys as it is very difficult to get the GLSA from a script as they |
26 |
are only published at different mailing lists and the forums. Another |
27 |
issue is that my script works with XML versions of GLSA, so someone |
28 |
needs to convert the plaintext versions. |
29 |
Code, DTD and sample XML GLSA are available at |
30 |
http://gentoo.devel-net.org/glsa/ . |
31 |
|
32 |
Marius |
33 |
|
34 |
-- |
35 |
gentoo-dev@g.o mailing list |